IBM Tivoli Composite Application Manager for Applications, Version 7.2.1.1

Specifying OAM security authorizations for WebSphere MQ objects

About this task

You can configure object authority manager (OAM) security authorizations that control access authority for the following WebSphere® MQ objects:

  • Authentication information
  • Channel
  • Listener
  • Namelist
  • Queue
  • Queue manager
  • Service
Restriction: Setting OAM access authority for WebSphere MQ objects is not supported on z/OS® systems.
To specify OAM security authorizations for WebSphere MQ objects:
Important: If the granular security function is enabled in your environment, make sure that your system administrator has granted you the required authorities to perform this operation.

Procedure

  1. Ensure that you are in update mode. See Entering update mode for information about how to enter update mode.
  2. Open the Defined View. The settings list for the object is displayed on the right side of the Defined View.
  3. In the defined view tree, select the namelist, queue, or queue manager that has security authorizations that you want to set.
  4. Expand the Authorization section.
    Figure 1. Expand the Authorization section
    This figure shows the expanded Authorization section
    The Authorized users field lists users (U) or user groups (G) that are authorized to use this resource. (This example shows that users who belong to the mqm user group are authorized to use this resource.) Each 3-item comma-delimited string sequence that is in this field ends with a number that is created by WebSphere MQ Configuration agent, which you can ignore.
  5. Double-click the Authorized users field to edit this value. The Authorization window opens as shown in Figure 2:
    Figure 2. Authorization dialog
    This figure shows the Authorization window
    Use this window to add, delete, or alter principals or groups; you can also specify authorities for a specific user or group. When you select an entry from the list area on the left, the Authorities check boxes are set according to the defined authority settings that are associated with the selected user or group. For details about using this window, click Help.
  6. Use this window to add, delete, or alter principals or groups that are authorized to use this resource and click Save changes to save your change.
  7. Select the Configure WebSphere MQ Authorization check box in the Auto Start section of the queue manager settings list. If you are specifying the access authority of a queue or a namelist, you must open the settings list of the queue manager that it belongs to and select the Configure WebSphere MQ Authorization check box.
  8. Click Save to save your changes.


Feedback